CAS-003 · Question #469
First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss in a rush to isolate the three hosts that were callin
The correct answer is A. CPU, process state tables, and main memory dumps D. Indicators of compromise to determine ransomware encryption. Shutting the computer down means complete loss of forensic evidence within the “A” This means likely loss of indicators of compromise to determine ransomware encryption “D”
Question
First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss in a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated. Which of the following were missed? (Choose two.)
Options
- ACPU, process state tables, and main memory dumps
- BEssential information needed to perform data restoration to a known clean state
- CTemporary file system and swap space
- DIndicators of compromise to determine ransomware encryption
- EChain of custody information needed for investigation
How the community answered
(17 responses)- A76% (13)
- B6% (1)
- C12% (2)
- E6% (1)
Explanation
Shutting the computer down means complete loss of forensic evidence within the “A” This means likely loss of indicators of compromise to determine ransomware encryption “D”
Topics
Community Discussion
No community discussion yet for this question.